37 | 
California Consumer Privacy Act of 2018 (as amended by the
California Privacy Rights Act of 2020) and Related Regulations
(B)  A provider of health care governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with
Section 56) of Division 1) or a covered entity governed by the privacy, security, and breach notification rules issued
by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of
Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public
Law 104-191), to the extent the provider or covered entity maintains patient information in the same manner as
medical information or protected health information as described in subparagraph (A) of this section.
(C)  Personal information collected as part of a clinical trial or other biomedical research study subject to, or conducted
in accordance with, the Federal Policy for the Protection of Human Subjects, also known as the Common Rule,
pursuant to good clinical practice guidelines issued by the International Council for Harmonisation or pursuant
to human subject protection requirements of the United States Food and Drug Administration, provided that the
information is not sold or shared in a manner not permitted by this subparagraph, and, if it is inconsistent, that
participants be informed of that use and provide consent.
(2)  For purposes of this subdivision, the definitions of “medical information” and “provider of health care” in Section 56.05
shall apply and the definitions of “business associate,” “covered entity,” and “protected health information” in Section
160.103 of Title 45 of the Code of Federal Regulations shall apply.
(d)  (1)  This title shall not apply to an activity involving the collection, maintenance, disclosure, sale, communicate, or use of
any personal information bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general
reputation, personal characteristics, or mode of living by a consumer reporting agency as defined by subdivision (f) of
Section 1681a of Title 15 of the United States Code, who provides information for use in a consumer report as defined
in subdivision (d) of Section 1681a of Title 15 of the United States Code.
(2)  Paragraph (1) shall apply only to the extent that such activity involving the collection, maintenance, disclosure, sale,
communication, or use of such information by that agency, furnisher, or user is subject to regulation under the Fair
Credit Reporting Act (Section 1681 et seq., Title 15 of the United States Code and the information is not collected,
maintained, used, communicated, disclosed, or sold except as authorized by the Fair Credit Reporting Act.
(3) This subdivision shall not apply to Section 1798.150.
(e)  This title shall not apply to personal information collected, processed, sold, or disclosed subject to the federal Gramm-
Leach-Bliley Act (Public Law 106-102), and implementing regulations or the California Financial Information Privacy Act
(Division 1.4 (commencing with Section 4050) of the Financial Code) or the federal Farm Credit Act of 1971 (as amended
in 12 U.S.C. 2001-2279cc and implementing regulations, 12 C.F.R. 600, et seq.). This subdivision shall not apply to Section
1798.150.
(f)  This title shall not apply to personal information collected, processed, sold, or disclosed pursuant to the Driver’s Privacy
Protection Act of 1994 (18 U.S.C. Sec. 2721 et seq.). This subdivision shall not apply to Section 1798.150.
(g)  (1)  Section 1798.120 shall not apply to vehicle information or ownership information retained or shared between a new
motor vehicle dealer, as defined in Section 426 of the Vehicle Code, and the vehicle’s manufacturer, as defined in
Section 672 of the Vehicle Code, if the vehicle information or ownership information is shared for the purpose of
effectuating, or in anticipation of effectuating, a vehicle repair covered by a vehicle warranty or a recall conducted
pursuant to Sections 30118 to 30120, inclusive, of Title 49 of the United States Code, provided that the new motor
vehicle dealer or vehicle manufacturer with which that vehicle information or ownership information is shared does not
sell, share, or use that information for any other purpose.
(2)  Section 1798.120 shall not apply to vessel information or ownership information retained or shared between a vessel
dealer and the vessel’s manufacturer, as defined in Section 651 of the Harbors and Navigation Code, if the vessel
information or ownership information is shared for the purpose of effectuating, or in anticipation of effectuating, a
vessel repair covered by a vessel warranty or a recall conducted pursuant to Section 4310 of Title 46 of the United
States Code, provided that the vessel dealer or vessel manufacturer with which that vessel information or ownership
information is shared does not sell, share, or use that information for any other purpose.